MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The file was detected as malicious by ClamAV and a machine learning classifier, indicating a high likelihood of malicious intent. The presence of multiple embedded URLs, including one directly flagged by a PDF_URI heuristic, suggests a phishing or social engineering lure. The document body, though heavily obfuscated, contains URLs that are likely intended to redirect the user to malicious content, such as the PDF at http://stakemycoin.com/uploads/1/3/0/4/130488846/letirapem.pdf.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://stakemycoin.com/uploads/1/3/0/4/130488846/letirapem.pdf
- http://jevolare.paypal-support-limitted.com/uploads/2020/01/28/levanax.pdf
- http://joyceandcraig.com/uploads/1/3/0/2/130272270/pudube.pdf
- http://cours-de-batterie-fouesnant.com/uploads/1/3/0/2/130289523/1942977.pdf
- http://dmtraining.net/uploads/1/3/0/4/130476816/130476816.html#reaccion+de+xantoproteica
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000011bc.binf9d68e8a9dac18f2768226f15406e8ca6b6fb328609360607a45162d5c731a32 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11BC | 9100 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.